METHOD AND SYSTEM FOR CONTROLLING
THE DISCLOSURE TIME OF INFORMATION



This invention relates t-v,^ , , , 
Particular, this invention JlT , ° f In 

information. to controlling the disclosure time of 


Over recent years, there has been a huge increase in information
published and distributed electronically.

The advent of the Internet and communication via e mail 
information can be "obtained , „ cacion Vla e-mail means that 

such as a colter Tl ^Z jT * " — <*«-i« 

telephene networks . h^ , ™* 00 ™ nmi «"<» such as 

*uic*ly as WaT there £ ° £ *" f °™"» - "» *strihu t .a. 

congestion Lns in the . 

Information can also be stored electronically on a storage device
such as a diskette or a CD-ROM and the storage device distributed.
A high volume of information can be transferred on a relatively small
storage device.

In this way electronic devices or^r-*^ * 
a connected and a disconnected *™ *- 

then be stored on the electronic T laf ° Ination Can 

requires the information The terT * *" ^ 33 the USSr 

types of data including f formation i- used to encompass all 

such as still or™ Z^^l^T *~ 

10 aata such as music, voice, etc. 

Problems are faced when d-i c 5 +-^-?k,, + -^ • 
means wherein the informal dlStributln * information using electronic 

-it £ „ r ^ in £ :^°r e ~r co r cted use ~ as — 

Physically transferred. recel ™d °» » *tora 3 e device which roust be 


A distinction can be made between the distribution of information and
the ability to access the information.

sent electronically to TrZtlZl laf — * 

- encrypted data can only ^^TT^^TT^ * 
a password to unlock the encrypted data T t * SUch as 

information can be governed oTtne We of th 7 * ^ 

... . 1SSUe of the ke ^ to the recipient. 
Controlling the time of the rH =„n 
for time sensitive material. £ °* *• «W« 

"Ports and announcements ma y JLT^-T"* aC ° OUntS ' r -" lt '' 
Such documents ray be lex g e LHL"^^?^ •*« " C *" al » 
economical end pr , otlcal co ^J\ ^ — - -X be 

such as printed documents. traditional means of distribution 

Cinema film distribution 1=! 
disclosure of information S^LT^lZT 1 ^ ^ 
release is distributed on the relief. Gently a film for 

would be beneficial to be able t ^ ^tellite communication. It 

network at any time prior to the reT^e LT^T ^ ^ a P * blle » 
taken of downtime in the network S ° advanta ^ could be 

delays. ^ co ^ications avoiding congestion and 

info rJtL^rrre P ^r„T° iated " ith ° f Closure of 

*~ of so„ethi» g before" .™ S b : t 0 T ^ *° — 
without business loss. Mo^l" ^IZ ^^™ " *— "—^ 
disclosed at a later date. Pr0 of i s 7 ™ ^^ted form and 

information at a time before the disclosur~ ^ ~- - «- 

The aim of the present invention i a i-« « 
for controlling the disclosure time If Z for Z * ""^ W - 

distributed and stored by a ! lnf0nnatl0n - ^formation can be 

invention makes use of public T ^ * diSCl — *> recipient. 

r P ut, lic key cryptography. 

*ey «^^^.^^"Z^ 0 f ^ ^graphy. Public 

-d the other for decryption. one for encryption 

In normal use, one of the kev M ^ ,-v, 
* the user. „hile the other iJZZZ^ST** ^ *" *"* 
disclosed. The k e y pair must hL. tL ^rt^ LT ^ PUbli ° 1V 
the public *e y . it is infeasible to ^ZZ^lZlZT^" " 

A user receives or, with suitable ' 
itself a pair of keys which aret™! t" T °" 
use, the user keeps one of these kL ^ ' In no ™* 1 

other key can safely be mad! "* »~ di *— The 

or similar personal data. Public keys do not have to be published to the
world. They can be shared as widely or narrowly as business and privacy
requirements dictate.




• Due to the way the keys are oenerat-pfl t . 
Private key can only be decrypted IZTll^lZyZ^T^ ^ 
Using a key pair means that the sender and receiver do not need to share a
secret key.

The term "user" is defined as any entity including individuals,
groups of individuals, one or more individuals in a role, corporations,
organisations, computer applications or systems, automated machines, etc.

Conventional use of public key cryptography makes the following
possible:



• Anyone knowing a user's public kev can 
• with that key „d CM1 besurethaT "e "V 

corresponding private key . ^crypt ^ - " ho . al »- - th. 

^ . ■ * uecrypt it. This provides 

confidentiality. s 

• A user sdght also encrypt a message with his private tey . ^ CKmot 
provide confidential! h V k^-, - cannot 

PuhUc key cant ryP " t C Z' £S T^ 

This authentication and can als^e *~ 

non-repudiation - the ditHt-ai ~~ ■ n oasis for 

tne digital equivalent of a signature. 

ce« i fic,LT li h °- key in£ " Str »"— - -er typically needs „ 

key certificate is issteo I'J^ """^ the US9r ' The 

issued by a reputable, trusted agency, such as a bank. 

noes L f s th ' T ^ aellln3 ™ ith ' bUSi — — «• -» 

the user. Tne ban^" seH h """"^ the public key of 

suitable -^TL^JT l e 1 public key ~ rti£i °«* ■ ^ • 

public key certrficatT ™ ™ bre11 * or "~ i »"=» too can have a 

to , point .referrea to th " * ^ ° £ leading 

too.. The hier^chi 'l \ r ° 0t ' " hi ° h * SS °= ia " *>« 

organisatLTaTcb. \og 0 TtT H ~ tlfl — — -th a master 

certificate. 1 \ '""^ h " * 

- rained oyTJstLit £££ ^1^2= 
need, Z ^T^ZTIZ^T ^ °~ 

key infrastructure (pki) . S valld ' ls ^own as a public 



The present invention uses the nrinn^i 

According to a first aspect of the present invention there is provided
a method for controlling the disclosure time of information by a
publisher to one or more recipients comprising: a trusted body generating
an asymmetrical key pair for a specified date and time of disclosure with
an encryption key and a decryption key; the trusted body providing a
digital certificate signed with a private key of the trusted body providing
the publisher with the encryption key prior to the specified date and time;
the publisher using the encryption key to encrypt data; the recipient
obtaining the encrypted data; and the trusted body making the decryption
key available to the recipient at the specified date and time.

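The publisher may verify the signature on the digital certificate
with the public key of the trusted body.

The trusted body may create an asymmetrical key pair for a specified
date and time on demand from a publisher.

In one embodiment, the trusted body may generate one key pair for a
specified date and time.

In an alternative embodiment, the trusted body may generate one or
more key pairs for a specified date and time, generating a new key pair for
each of a plurality of publishers. Each of the plurality of publishers may
have a password issued by the trusted body for preventing disclosure of the
decryption key.

The decryption key may be encrypted with a public key and only
recipients with the corresponding private key may obtain the decryption
key.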

According to a second aspect of the present invention there is
provided a system for controlling the disclosure time of information
comprising a publisher, a trusted body, an asymmetrical key pair for a
specified date and time of disclosure with an encryption key and a
decryption key; a digital certificate signed with a private key of the
trusted body providing the publisher with the encryption key prior to the
specified date and time; and means for making the decryption key available
at the specified date and time.

Preferably, the system includes one or more recipients with means for
obtaining data encrypted with the encryption key from the publisher prior
to the specified date and time and means for obtaining the decryption key
at or after the specified date and time.

The certificate may include the specified date and time, the 
encryption key value, and the name of the trusted body. 

Preferably, the encryption key is a public key and the decryption key
is a private key in a public key infrastructure.

In one embodiment, there may be a single key pair for a specified
date and time. In an alternative embodiment, there may be a plurality of
publishers and one or more key pairs for a specified date and time, a
different key pair for each of the plurality of publishers for the
specified date and time. Each of the plurality of publishers may have a
password issued by the trusted body for preventing disclosure of the
decryption key.

The decryption key may be encrypted with a public key and only
recipients with the corresponding private key may obtain the decryption
key.

tru a , Tt b ° dy ^ haVS ° r ^ affentS Wh ° act on of the 

IZTll T\ T ^ trUStSd b ° dy ^ bS * «** h -ing an 

internal clock for providing the decryption key to a recipient. 

The trusted body may be accessible by the publisher and the 
recipients via a communication network. 


According to a third aspect of the present invention there is 
provided a computer program product stored on a computer readable storage 
medium, comprising computer readable program code means for performing the 
steps of: generating an asymmetrical key pair for a specified date and time 
of disclosure with an encryption key and a decryption key; providing a 
digital certificate signed with a private key of the trusted body providing 
a publisher with the encryption key prior to the specified date and time 
Publisher to one or Je^Z- "~ °' infection by a 

an as«etric.l *ey ~ ZZ^ZZ?" T" t ^ 

pubii^r ^::lz^:zx;ti:^:-tt ^ - «- - 

trusted booy «" ^ SPeCitied *** " d ^ «- 

aenerating I ~ " ~ ~ ^ ^ *- » rifled date an, time. 

y Paxr for each of a plurality of publishers . 

specified date a„a time for that publishl ^ ^ 3 

The decryption key may be encrypted with a public key and only
recipients with the corresponding private key may obtain the decryption
key.

erence to the accompanying drawings in which: 
invenJ„r S ' " " * ° T 10 —«*»- -1th the present . 


Presentation,' * ' «« -e in accordance with the 

inventiTi; tL^r 9 ™ ° f B SyStem in — «— -i«h the present 


Figure 3B is a diagram of the system of Figure 3A at time T≥T1;

inventloTand * * ™ ethM ** — ««— with the present 

the pres^inv^tLr 3 "" * " " < =°**°»'- an embodiment of 


Referring to Ficrure 1 t-v,^^ 

distribute some ™°Z C ^\TZ\"lZZTol " ^ * 

The publisher 10 obtains an „„,. !• P r * Uty of "crprents 12. 13, 14. 

- in the form of Lc^ ZTlTZ 1 " f ~" 
^ a data 15 to each of the recipients 12, 13,14. 
oubl ' reCiPient 13 • -■•««• » »y -mil fro. the 

pubHeher 10 attaching a file of the encrypted data 15. 

The first and second recipients 12, 13 are connected to the publisher
10 by a communication network 19 and are therefore part of an online
community.

The third recipient 14 is disconnected - he does not have e-mail
or Internet access. The third recipient 14 is sent a CD-ROM 18 by the
publisher 10 and the CD-ROM contains the encrypted data 15.

The above recipients 12, 13, 14 are token examples of the plurality
of recipients and the encrypted data 15 can be distributed in its
electronic form by any available means and via third parties. The
recipients 12, 13, 14 can receive and store the encrypted data 15 on any
suitable electronic device, which may include a computer, a mobile phone,

12 13 T \^7T d T ^ 15 C3Xm0t ^ aCCeSS6d ° r ^ by the -cipients 
12, 13, 14 and therefore has not been disclosed to the recipients At a 

tZZZlT^TlT T isher ' a decryption key is made - -e 

the "atL "i. " T " ^ ^ " CiPiSntS 12 ' 13 ' " - access 


' A trusted service is provided that manages and provides a public kev 

t SerViCe - SerV±Ce PUbliShSS di ^tal ceS Latls 

clrtled bv S I ^ ln ^ fUtUre - ^ di ^tal. certificates are 

prt t kev trUStSd SSrViCe ^ 3 U — °» trusted services 



site o h T S6rV1Ce " PUbllCly aCCessible ' f - -ample via a web 

ce'tifLn V r ^ e " mail aCCSSS - trUSted is ^self 

certified by an umbrella organisation which ratifies the trusted service by
providing a certificate of the trusted service's public key. The

chain of Wlth ^ ° f ^ — i-tion. A 

ToZ T S ^ ^ Pr ° Vided Wlth a r ° 0t of the chain which is " 

bootstrapped or confirmed by a means outside the public key infrastructure. 

Referring to Figure 2, a digital certificate 20 is shown. The
digital certificate 20 contains certificate information 21. The
the name 2, of tia t „ ^ ^ ^ ^» » for the date M d time » a 
signature 25 is generated „„, !' n " the ""if icate. a digital 

trusted service. The digital signature 25 is inserted in the digital
certificate 20.

the given date and time TL'T* x «*> m ' » W 23 for 

• service for a publicly for 2 2 T f ' " ^ 

»U1 issue a xLXt^LS cL" f eTd"-"; 0 ^' ^ « 

■ contains the public key 23 . Ce " l£led ^"al certificate 20 which 

for- f ° Vidlng thS PUbl±C « which is ' to be used for encrvoM. ■ „ 

form of a certificate from the * . encryption in the 

that the corresponding prLte ZTZT^ ^ * t ~ t 

Also, the security provided Z a certificate 1 " ^ ^ 

Posing as a trusted service and 1^ *™™ts an impostor from 

the private key before";:; Z Z lTll ^ ^ "* 


The publisher 10 may now take the information 11 „ ■ 
distribute and encrvot it lnto ™ation 11 which he wishes to 

encrypt it using the public k PV 51 „i,j , , 
by the trusted service for ^ a . * Whl ° h has been Provided 

- encrypted data »^T^^Vl^^ ^ 
Figure 1. Recipients 13 14 15 ^ T discussed in relation to 

then obtain the encrypted dal l 5 ^ inf °— ^ion 11 can 

however, the recipie^ 13 S^LTd^ " ^ ^ 

they do not have the private V ^ data 15 as 

the private key corresponding to the public key 23 . 

At the given date and time i„ 

the trusted service makes ol , " aPrU 2004 < 10 -<">hr, 

trusted service Z Polish the" ™~ 

^ e-mail in response^ a ™ 7 ~ * - « — ide it 

key from the trusted service Z hey^an IZT' °~ ° bt * ln 

15 and access the information 11 . «"» 

certif StT^lXt: trustT ^ ^ ta * 

the trusted service Lues ZtllTt^ °< 
centring the public key valu 23 ^^^TV" " Bh °"° * * 
trusted service can issue the dig tel certif^at ' ^ ^ 
value 23 and the corresponding private kW U e ^ ^ 
The trusted service may operate via the Internet and proxies and
system caches can be used to reduce the burden on the main site as
recipients demand the private key. The private key is relatively small in
size and therefore quick to distribute at the given time. In this way, the
recipients are able to access the information 11 very soon after the
given date and time ensuring that all recipients have the same ability to
access the information 11 promptly after the given time.

Figures 3A and 3B show the transfers of the public and private keys
between the parties. Figure 3A is at a time T, any time before a specific
time T1, i.e. T<T1. Figure 3B is at a time, T, any time at or after the
specific time T1, i.e. T≥T1.

In Figures 3A and 3B there is shown a publisher 10 and four
recipients 31. There is also shown a trusted service 30. In Figure 3A
the publisher 10 obtains a public key 32 from the trusted service 30 at
some time before a specific time, T1. The publisher 10 wants some
information to be disclosed to the recipients 31 at the specific time T1.
The publisher 10 encrypts the information and the recipients 31 obtain the
encrypted information 15 from the publisher 10 at any time once the
information has been encrypted. The recipients 31 may obtain the encrypted
information 15 at different times.

Figure 3B shows the same publisher 10 and recipients 31 as in Figure
3A but after time T1. The recipients 31 each obtain the private key 34
corresponding to the public key 32 of Figure 3A from the trusted service
30. The recipients 31 can each then decrypt the encrypted information 15
which they obtained prior to time T1.

Figure 4 is a flow diagram showing the actions of a publisher and a
single recipient. Figure 4 shows time T progressing towards the bottom
of the page with the specific time T1 shown in relation to the actions. At

whTch thV b ° btainS 3 PUbl±C ^ — ~ info- tLn 

T^TtTll f W1ShSS t0 diSCl ° Se ^ ° r aftSr timS »• ^ 

encrypts 42 the information and the encrypted information is made available 

nformir 1151 ^ 5 - ^ ^ * * ° btainS th * 

information and stores it, awaiting time T1. At time T1, the private key
becomes available for decrypting the encrypted information. At box 46 the
recipient obtains the private key. The recipient decrypts 47 the
information.

service on a time based smart card which would ensure that 
a >«tery. The "e'^lT" S°t ""f — — ' £ » — «- 

card with the private key to 2 7 1 Cl ° Ck <U " J E>r ° 9r »" «» 

auto*atic,Uy heco,» alTll^e on I " * ^ ^ "» *~ — " 

given time. SnBrt card the dock reached the 

to reiease the key , t the giv^I! ^ cl V*"** 1 '' i ° t ™ 1 

tWkeeper or have access to a trn t.a^L, aV ^ 

"ill sign a digits! certificate for a ourrlt tL "--keeper 

aervioe^::;: r^^rrirr^-.rr - ~ 

for that time. « ^TZlZlT^T ^ ^""'^ ^ — 
— *ey pair is used md t he -C^s^T* '.fT ^ »• «- 

Publisher as was proved to the first Pubul ^ ~° "» ««— 
exact number of key pairs for fh. - ■ puoilsl,er - In this way, only the 

*eys are createa ala s Zl * te t^tedT"" "^"^ N ° I ~— « 
reducing overheacs. trusted servrce or its agents thereby 



More than one Dubl.i <^h^ « av , ~ j= 
encryption as the puhUs"", ^ ITXT^t T " 
decrypt infection encrypted toJZ^jZZJZCZ"* 
key. The publishers cannot obtain m, puJ3J - lsfter using the same public 
1= -sued by the trustea Z^ZZZZS?™' *~ — - 

.-1^ rr^t^r"^^.^" - — - 

for which a key has been regueate a * " "* - 

DATE , TIME 

Apr il 2004, 10.00 

April 2004, 16.50' 
u Apr il 2004, 09.0Q" 
^ April 2004, 14.00 



DEgRYPTI^g KK* (PRIVATE KEY) 



JK6.,„„ 


»♦.... jp 2 4 




••»••• 7 YT 




>.....W2 L 


STN JVQSfW 
In a second embodiment, the trusted service creates a

«* plusher „„„ „ ishe6 to publleh ac . s :; 0 ^ l: r:L a t ^ 

requests a key for the same date and time T2, the trusted
service creates a second key pair and issues the public key of the second
key pair to the second publisher. At time T2, the trusted service
publishes both the private keys of the key pairs created for time T2.

The second embodiment has the advantage that a publisher can stop
disclosure of information which has already been distributed in its
encrypted form before it is disclosed at time T2. This

. , _ . uisciosea or not without affectincr amr 

LTvaliTt SUrS : takln3 ^ ^ "« t±me - A P-sword caf b7u"d 

for validating the publisher's identity when instructing the trusted 

service not to publish a private key. The password would be issued to the
publisher with the public kev ir, „~ issued to the 

Passwords would be- ecu 1 L 1,7 ^ ^ trUSted Service ' ' 

infrastructure. * ^ th * P**ic *ey 

y cue crusted service for the second embodiment Mnr P t-v^r. „ 
prxvte key My be providea £or Mch aate »^ -«.«*- one 

=ea „ lth «„ Privat . key iaentl£ied by , he publish j h t : : h in t bee " 




22 April ^U04, 10.00 
22 April 2004, 10. 00" 



25 April 2004, 14.00 
25 April iJ004, 14.00 



Publisher P 
Publisher Q 
Publisher A 
Publisher B 



Publisher C 
Publisher z 




KEY 

(PRIVATE KEY) 

RT8. 2S4 

T0R..ZT. . . -BN7 



.....L4G 



-. V3M 



second 1^ I "*« U »«^ «hich may be used in combination with the 

l^ItlT dSSCribed ^ ^ dist -^tion of the private key is 

fZtl V PrS " defined aUdienC - A *~ Pair may be created for time T3 
for publisher P and a public key issued to publisher P. The private key is
only made available, after time T3, to a pre-defined audience of

recipients. Thls can be ach±eved fay ^ .^^^ ^ 
Pre-de fl „ed audience o£ reoipiQlts „ m hola ^ ^ ^ ^ 

For example, IBM employees may all be issued with the same private
key for IBM confidential disclosures. If information is to be distributed
at time T3 to the employees of IBM but is not to be generally disclosed
outside the group of the employees of IBM, the private key for time T3 is
encrypted with the public key corresponding to the private key for IBM
employees. In this way, the open Internet may be used to transfer

information which is confidential ho , «• transfer 

The publisher 10 obtains a T1 public key 32 for time T1 from a trusted
service 30. The trusted service 30 sends the publisher 10 a certificate 20
which contains the T1 public key 32. The certificate 20 is signed with the
trusted
service's d h™.- 0 * « te 20 ls S1 9med with the trusted 

SO^ the she" to ^ " * ^ * ~ 

Publication btf 0 ;e time tL ^ " ^ t0 " ±tM »» ^ 

The publisher 10 optionally verifies the signature of the trusted
service 30 by using the trusted service's public key 51. The publisher 10
encrypts the document 11 with the T1 public key 32 resulting in an
encrypted document 15.

A recipient 31 obtains the encrypted document 15 from the
publisher 10. The recipient 31 in this example is one of a group of IBM
authorised personnel who has an IBM private key 53. The IBM authorised
personnel are a group who are authorised to have access to

of lnformaeion ma doe _ Bt . vhich iM1 „:;r™ 

public Vav « u Private Jcey 34 is encrypted with the IBM 

public key 55 which corresponds to the IBM private kev « * 

the » pr^rZ 3 " ' . ^ deOITOt ^ —»*- *«— « 15 usin s 
p vace Key 34 to access the document 11. 

In this way, a document can be distributed to a selected group of
recipients ahead of its disclosure at a specified date and time. The
distribution can be made via the public Internet or by other online or
offline means at a time to suit each of the recipients. As the publisher
has a password associated with the public key used for encryption, the
publisher can withdraw the disclosure of the information before the
disclosure date even after the encrypted information has been received by
the recipients.

For the implementation of the system by the recipients, a client
application is required to obtain, decrypt and launch media. This may be
in the form of a plug-in or client side application.

The disclosed system has numerous uses in which the disclosure of
information is time sensitive including software update issues, corporate 
publications, government/press releases to agencies, music releases to 
radio stations, Dutch auctions, film distribution, etc. 
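
The issue, encrypt, release and withdraw steps of the second embodiment described above, as an added example that is not part of the patent text. `TrustedService`, `keypair`, `encrypt_for_release` and the other names are hypothetical, the clock is injected so the release time can be simulated, and the unpadded textbook RSA stands in for a real public key scheme and must not be used to protect data.

```python
import hashlib
import secrets
from datetime import datetime, timezone

E = 65537  # public exponent shared by every toy key below

def _is_prime(n, rounds=24):  # Miller-Rabin; n must be a large odd candidate
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def keypair(bits=256):
    """Textbook RSA pair ((n, e), (n, d)); unpadded, for illustration only."""
    primes = []
    while len(primes) < 2:
        c = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if c not in primes and (c - 1) % E and _is_prime(c):
            primes.append(c)
    p, q = primes
    return (p * q, E), (p * q, pow(E, -1, (p - 1) * (q - 1)))

def _digest(fields):
    blob = repr(sorted(fields.items())).encode()
    return int.from_bytes(hashlib.sha256(blob).digest(), "big")

class TrustedService:
    """Hypothetical trusted body: one key pair per publisher and release time."""
    def __init__(self, name, clock):
        self.name, self.clock = name, clock
        self.public, self._signing = keypair()  # the service's own key pair
        self._vault = {}  # (release time, publisher) -> (private key, password)

    def issue(self, release_time, publisher):
        """Return (signed certificate, withdrawal password) for one publisher."""
        pub, priv = keypair()
        password = secrets.token_hex(8)
        self._vault[(release_time, publisher)] = (priv, password)
        fields = {"release": release_time.isoformat(), "n": pub[0],
                  "e": pub[1], "issuer": self.name}
        n, d = self._signing
        return {"fields": fields, "signature": pow(_digest(fields), d, n)}, password

    def release(self, release_time, publisher):
        """Decryption key, or None before the release time or after withdrawal."""
        entry = self._vault.get((release_time, publisher))
        return entry[0] if entry and self.clock() >= release_time else None

    def withdraw(self, release_time, publisher, password):
        """Destroy an unreleased key if the publisher's password matches."""
        entry = self._vault.get((release_time, publisher))
        if (entry and self.clock() < release_time
                and secrets.compare_digest(entry[1], password)):
            del self._vault[(release_time, publisher)]
            return True
        return False

def verify_certificate(cert, service_public):
    n, e = service_public
    return pow(cert["signature"], e, n) == _digest(cert["fields"])

def encrypt_for_release(cert, service_public, message):
    """Publisher side: encrypt only under a key the trusted service signed."""
    if not verify_certificate(cert, service_public):
        raise ValueError("certificate not signed by the trusted service")
    n, e = cert["fields"]["n"], cert["fields"]["e"]
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message too long for this toy key")
    return pow(m, e, n)

def decrypt(ciphertext, private):
    n, d = private
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

if __name__ == "__main__":
    now = [datetime(2004, 4, 20, 9, 0, tzinfo=timezone.utc)]  # constructed clock
    svc = TrustedService("Example Trusted Service", lambda: now[0])
    t1 = datetime(2004, 4, 22, 10, 0, tzinfo=timezone.utc)
    cert, _ = svc.issue(t1, "Publisher P")
    data = encrypt_for_release(cert, svc.public, b"annual results")
    now[0] = t1  # the release time arrives
    print(decrypt(data, svc.release(t1, "Publisher P")))
```

The whole guarantee rests on the service's clock and on the vault holding the private keys: a recipient who already stores the ciphertext gains nothing until `release` hands the key out, and a withdrawn key leaves that ciphertext permanently unreadable.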


The concept of a trusted time-keeper introduced herein can also be 
used as a means of providing proof of ownership of a document at a given 
time. A trusted time-keeper can sign the document with the current time 
which is certified by the time-keeper. 


Aspects of the present invention are typically implemented as 
computer program products, comprising a set of program instructions for 
controlling a computer or similar device. These instructions can be
supplied preloaded into a system or recorded on a storage medium such as a 
CD-ROM, or made available for downloading over a network such as the 
Internet or a mobile telephone network. 

Improvements and modifications can be made to the foregoing without
departing from the scope of the present invention. 
CLAIMS

1. A method for controlling the disclosure time of information by a
publisher (10) to one or more recipients (31) comprising:

a trusted body (30) generating an asymmetrical key pair for a
specified date and time of disclosure with an encryption key (32) and a
decryption key (34);

the trusted body (30) providing a digital certificate (20) signed
with a private key (26) of the trusted body (30) providing the publisher
(10) with the encryption key (32) prior to the specified date and time;

the publisher (10) using the encryption key (32) to encrypt data
(15);

the recipient (31) obtaining the encrypted data (15); and

the trusted body (30) making the decryption key (34) available to the
recipient (31) at the specified date and time.

2. A method as claimed in claim 1, wherein the publisher (31) verifies
the signature (25) on the digital certificate (20) with the public key of
the trusted body (30).

3. A method as claimed in claim 1 or claim 2, wherein the encryption key
(32) is a public key and the decryption key (34) is a private key in a
public key infrastructure.

4. A method as claimed in any one of claims 1 to 3, wherein the trusted
body (30) creates an asymmetrical key pair for a specified date and time on
demand from a publisher (10).

5. A method as claimed in any one of the preceding claims, wherein the
trusted body (30) generates one key pair for a specified date and time.

6. A method as claimed in any one of claims 1 to 4, wherein the trusted
body (30) generates one or more key pairs for a specified date and time,
generating a new key pair for each of a plurality of publishers (10).

7. A method as claimed in claim 6, wherein each of the one or more
publishers (10) has a password (50) issued by the trusted body (30) for
preventing disclosure of the decryption key (34).

8. A method as claimed in any one of the preceding claims, wherein the
decryption key (34) is encrypted with a public key (55) and only recipients
(31) with the corresponding private key (53) can obtain the decryption key
(34).

9. A system for controlling the disclosure time of information
comprising:

a publisher (10);

a trusted body (30);

an asymmetrical key pair for a specified date and time of disclosure
with an encryption key (32) and a decryption key (34);

a digital certificate (20) signed with a private key (26) of the
trusted body (30) providing the publisher (10) with the encryption key (32)
prior to the specified date and time; and

means for making the decryption key (34) available at the specified
date and time.

10. A system as claimed in claim 9, including one or more recipients (31)
with means for obtaining data (15) encrypted with the encryption key (32)
from the publisher (10) prior to the specified date and time and means for
obtaining the decryption key (34) at or after the specified date and time.

11. A system as claimed in claim 9 or claim 10, wherein the certificate
(20) includes the specified date and time, the encryption key value (32),
and the name of the trusted body (30).

12. A system as claimed in any one of claims 9 to 11, wherein the
encryption key (32) is a public key and the decryption key (34) is a
private key in a public key infrastructure.

13. A system as claimed in any one of claims 9 to 12, wherein there is a
single key pair for a specified date and time.

14. A system as claimed in any one of claims 9 to 12, wherein there is a
plurality of publishers (10) and one or more key pairs for a specified date
and time, a different key pair for each of the plurality of publishers (10)
for the specified date and time.
15. A system as claimed in claim 14, wherein each of the plurality of
publishers (10) has a password (50) issued by the trusted body (30) for
preventing disclosure of the decryption key (34).

16. A system as claimed in any one claims 9 f-„ 1 « t, 

key (34, is encrypted with a puLc key " , and ^ ^ dec ^ fci - 

the corresponding private key ^53, JT 1 * reCipientS (31 > 

JCSy . (53) can obtain the decryption key (34) . 

17. A system as claimed in any one of claims 9 1 * t, ■ 

.30, „ 8 m . or _ , g _ „ ho act ™T^r 0 rr;~ aT ted 

body ,30, ^ " ^ Claln " • Whe " in - ««-"= *°r the trusted 

rusted body ,30, rs accessible by tbe publisher ,10, and che recipiente 
(31) via a communication network. P Cs 

20. A method for controlling the disclosure time of information by a
publisher (10) to one or more recipients (31) comprising:

a trusted body (30) generating an asymmetrical key pair for a
specified date and time of disclosure with an encryption key (32) and a
decryption key (34);

the trusted body (30) providing the publisher (10) with the
encryption key (32) prior to the specified date and time;

the publisher (10) using the encryption key (32) to encrypt data
(15);

the recipient (31) obtaining the encrypted data (15); and

the trusted body (30) making the decryption key (34) available to the
recipient (31) at the specified date and time;

wherein the trusted body (30) generates one or more key pairs for a
specified date and time, generating a new key pair for each of a plurality
of publishers (10).

21. A method as claimed in claim 20, wherein each of a plurality of
publishers (10) has a password (50) issued by the trusted body (30) for



GB92003 0011GB1 17 

preventing disclosure of the decryption key (34) for a specified date and 
time for that publisher (10) . 

22. A method as claimed in claim 20 or claim 21, wherein the decryption 
key (34) is encrypted with a public key (55) and only recipients (31) with 
the corresponding private key (53) can obtain the decryption key (34) . 

23. A computer program product directly loadable into the internal memory 
of a digital computer, comprising software code portions for performing the 
steps of any one of claim 20 to claim 22 when said product is run on a 
computer. 

24. An information distributing service for controlling the disclosure
time of information by a publisher (10) to one or more recipients (31)
comprising:

a trusted body (30) generating an asymmetrical key pair for a
specified date and time of disclosure with an encryption key (32) and a
decryption key (34);

the trusted body (30) providing a digital certificate (20) signed
with a private key (26) of the trusted body (30) providing the publisher
(10) with the encryption key (32) prior to the specified date and time;

the publisher (10) using the encryption key (32) to encrypt data
(15);

the recipient (31) obtaining the encrypted data (15); and

the trusted body (30) making the decryption key (34) available to the
recipient (31) at the specified date and time.
ABSTRACT

METHOD AND SYSTEM FOR CONTROLLING 
THE DISCLOSURE TIME OF INFORMATION 



A method and system for controlling the disclosure time of 
information by a publisher (10) to one or more recipients (31) is provided. 
The system includes a trusted body (30) which generates an asymmetrical key
pair for a specified date and time of disclosure with an encryption key
(32) and a decryption key (34). The trusted body (30) provides a digital
certificate (20) signed with a private key (26) of the trusted body (30) 
providing the publisher (10) with the encryption key (32) prior to the 
specified date and time. The publisher (10) uses the encryption key (32) 
to encrypt data (15) and a recipient (31) obtains the encrypted data (15) 
at any time prior to the specified date and time. The trusted body (30) 
then makes the decryption key (34) available to the recipient (31) at or 
after the specified date and time. 